This invention relates generally to biometric data captured from users, and more particularly, to methods and systems for determining user liveness based on biometric data captured from the user.
Users conduct many different types of transactions with service providers in person and remotely over the Internet. Network-based transactions conducted over the Internet may involve, for example, purchasing items from a merchant web site or accessing confidential information from a website. Service providers that own and operate such websites typically require successfully authenticating a user before allowing the user to conduct a desired transaction.
Typically, during network-based biometric authentication transactions conducted with a user at a remote location, the user provides a claim of identity and biometric data. The biometric data is generally captured from the user with a capture device most convenient to the user, for example, the user's smart phone or other smart device. For voice biometric data the capture device has sound recording capability. However, imposters have been known to impersonate users by providing a false claim of identity supported by fraudulent biometric data in an effort to deceive a service provider into concluding the imposter is the person he or she claims to be. Such impersonations are known as spoofing.
Impostors have been known to use many methods to obtain or create fraudulent biometric data of others that can be submitted during authentication transactions. For example, imposters have been known to eavesdrop on networks during legitimate network-based biometric authentication transactions to surreptitiously obtain genuine voice biometric data from a user, and to replay the obtained voice biometric data during fraudulent network-based authentication transactions.
It is difficult to detect replayed voice biometric data using known voice replay detection algorithms because such algorithms either determine too many live genuine users are not live, or fail to detect sufficient numbers of replays. Additionally, known voice replay algorithms are not user-device dependent. Consequently, known voice replay detection algorithms generally do not provide high confidence liveness detection support for entities dependent upon accurate biometric verification transaction results. Moreover, known voice replay detection algorithms have been known to use substantial computer system memory and to require substantial computing resources which increases the time and costs of determining user liveness.